EMBEDDED SYNCHRONOUS RANDOM DISPOSABLE CODE
IDENTIFICATION METHOD AND SYSTEM

The present invention relates to a system and method for identifying a user or device
and, optionally, for conducting transactions between the user or device and a third
party, for example by way of a telephone connection or an electronic computer
system such as the Internet.

Various systems are known for conducting electronic transactions in a more or less
secure manner over a telecommunications link or the like. One well known system is
known as electronic funds transfer at point-of-sale (EFTPOS), in which a user is
issued with a credit or debit card bearing a unique identification number, usually
embossed on the card in human-readable form and also encoded on a machine-readable
magnetic strip on the reverse of the card. For further identification
purposes, the card typically includes space for a user permanently to include his or
her signature. In use, when a user wishes to make a purchase in, for example, a retail
store, he or she presents the debit or credit card to a store employee. The card is then
swiped through a card reader, and information relating to the identity of the card, the
identity of the retail store and the value of the goods or services being purchased is
transmitted by way of a telephone connection to a remote computer server operated
by the card issuer (normally a bank or suchlike). The remote computer server checks
that the user's card account contains sufficient funds or credit to cover the proposed
transaction, checks that the user's card account is currently operational (for example,
to check that the card has not been reported stolen), and then issues a confirmation
signal back to the card reader to indicate that the transaction may be authorised. The
store employee must then obtain a specimen of the user's signature and compare this
with the signature on the reverse of the card so as to check the identity of the user. If
the signatures appear to match, the store employee operates the card reader to
complete the transaction, and the funds required to cover the transaction are then
electronically transferred from the user's card account to the retail store. If the
signatures do not appear to match, then the store employee may request additional
proof of identification before authorising the transaction, or may simply refuse the
transaction and retain the user's card, which may have been stolen, thereby
preventing any unauthorised transfer of funds. This system is open to fraudulent
abuse, since it is possible for a card to be stolen and for a thief to forge the signature
of an authorised user.

In a development of this system, a card user may be issued with a personal
identification number (PIN), which is usually a four digit code, and which is
theoretically known only to the user and to the card issuer. Instead of or in addition
to providing a specimen of his or her signature at the point-of-sale, the card user is
required to enter his or her PIN into the card reader, and this information is
transmitted to the remote computer server together with the card and retail store
identification data and data regarding the value of the transaction. By providing an
extra identification check by way of the PIN, this system helps to prevent fraud by
forgery of signatures, but is still not completely secure because the PIN does not
change between transactions, and may therefore be intercepted together with card
identification data when being transmitted between the card reader and the remote
server. Furthermore, it is possible for a thief to observe a user entering his or her PIN
into a card reader and to remember the PIN. If the thief is also able to obtain card
identification details, for example from a discarded till receipt or through conspiracy
with the store employee, it is a simple matter to produce a fake card including all the
appropriate identification information for later fraudulent use, or even to rob the
authorised card user of his or her card.

According to a first aspect of the present invention, there is provided a coded
identification system, the system comprising an electronic computer, a specific
electronic communications device that is operable to be in communication with the
electronic computer, and at least one electronic communications device that is
operable to be in communication with the electronic computer, wherein the electronic
computer includes data relating to the specific electronic communications device,
including a permanent identification code, a mask code and an identification code
enabling electronic communication between the electronic computer and the specific
electronic communications device, and wherein the permanent identification code is
input to the at least one electronic communications device and transmitted to the
electronic computer, the electronic computer generates a pseudo-random string and
transmits this to the specific electronic communications device, the mask code is
applied to the pseudo-random string so as to generate a volatile identification code in
accordance with predetermined rules, the volatile identification code is transmitted
back to the electronic computer by the specific electronic communications device or
the at least one electronic communications device, the electronic computer checks the
volatile identification code transmitted thereto against a volatile identification code
obtained by applying the mask code to the pseudo-random string in accordance with
the predetermined rules, and in which a positive identification is made when the
volatile identification codes are found to match by the electronic computer.

According to a second aspect of the present invention, there is provided a method for
identifying a specific electronic communications device or user thereof to an
electronic computer having stored therein data relating to the specific electronic
communications device or user thereof, including a permanent identification code, a
mask code and an identification code enabling communication between the electronic
computer and the specific electronic communications device, wherein the permanent
identification code is input to at least one electronic communications device and
transmitted thereby to the electronic computer, the electronic computer associates the
permanent identification code with the identification code enabling communication
therebetween and the specific electronic communications device and generates a
pseudo-random string before transmitting this to the specific electronic
communications device, the mask code is applied to the pseudo-random string in
accordance with predetermined rules so as to generate a volatile identification code,
the volatile identification code is input to the specific electronic communications
device or the at least one electronic communications device and transmitted to the
electronic computer where it is compared with a volatile identification code
generated therein by applying the mask code to the pseudo-random string, and a
positive identification is made when the volatile identification codes match.

The specific electronic communications device may be a separate device from the at
least one electronic communications device, or may be the same device. For
example, the specific electronic communications device may be a mobile telephone,
a pager, a land-line telephone, a personal digital assistant or a computer which may
be owned or specifically operated by a given person. The at least one electronic
communications device may be an electronic funds transfer (EFT) or electronic funds
transfer at point-of-sale (EFTPOS) terminal, or may be the same mobile telephone,
pager, land-line telephone, personal digital assistant or computer which may be
owned or specifically operated by the person as hereinbefore described.

The permanent identification code may be supplied to a user in the form of a card
bearing human- and/or machine-readable data.

The identification code enabling electronic communication between the electronic
computer and the specific electronic communications device may be a mobile
telephone or pager number where the specific electronic communications device is a
mobile telephone, pager or personal digital assistant, or may be an e-mail address or
any similar code allowing specific communication with a given specific electronic
communications device.

Where the specific electronic communications device is a mobile telephone or the
like, the pseudo-random string may be transmitted in the form of a text message under
the short messaging service (SMS) protocol. Other well-known communications
protocols may be employed where appropriate, depending on the nature of the
specific electronic communications device.

Embodiments of the present invention provide additional security of identification in
a number of ways. Firstly, in addition to requiring the person to have access to the
permanent identification code, the system requires the person to be in possession of
an appropriate specific electronic communications device. Secondly, because the
system requires the user to cause his or her mask code to operate on the pseudo-random
string so as to generate a volatile identification code in accordance with the
predetermined rules, without the mask code being electronically transmitted together
with the permanent identification code, it is difficult for an unauthorised person to
intercept communications between the electronic computer, the specific electronic
communications device and/or the at least one electronic communications device so
as to determine the mask code and the permanent identification code.

It will be appreciated that the present invention extends to situations where it is
required to establish a secure identification of a specific electronic communications
device rather than of a person as such. For example, the present invention may be
used as part of a secure "hand-shaking" protocol between remote computers, serving
positively and securely to identify the specific electronic communications device,
which may itself be an electronic computer, to the electronic computer. Both the
electronic computer and the specific electronic communications device will have the
mask code stored within their memories but will not communicate the mask code
between each other except by way of a secure connection, ideally entirely separate
from their normal means of communication.

The mask code may take various forms. In a currently preferred embodiment, a
person is issued with or selects a four digit numerical string, for example 3928,
analogous to the well-known PIN codes currently used when operating automated
teller machines (ATMs). However, different lengths of mask code may be used as
appropriate. The pseudo-random string (which may be numeric, alphanumeric or any
other combination of characters) transmitted to the specific electronic
communications device in response to a signal sent by the at least one electronic
communications device is displayable thereon in a predetermined form, with the
characters making up the pseudo-random string being displayed preferably as a linear
array. The person operating the specific electronic communications device then takes
the first digit of his or her mask code, in this example 3, and notes the character in
third position (say from left to right) along the pseudo-random string. The person
then takes the second digit of his or her mask code, in this example 9, and notes the
character in ninth position along the pseudo-random string, and so on for the digits 2
and 8 of the mask code. The characters selected from the pseudo-random string form
the volatile identification code which is then input into the at least one electronic
communications device and transmitted to the electronic computer for verification.
Alternatively, the volatile identification code may be transmitted to the electronic
computer by way of the specific electronic communication device. If the volatile
identification code received by the electronic computer corresponds to an expected
volatile identification code calculated by the electronic computer applying the mask
code to the pseudo-random string, a positive identification is taken to have been
made. The prime security feature is that the mask code is never transmitted between
the electronic computer, the specific electronic communications device or the at least
one electronic communications device, and is thus safe from interception by
unauthorised third parties. The secondary security feature is that a person must be in
possession of his or her own specific electronic communications device, since the
electronic computer will transmit the pseudo-random string only thereto.

For additional security, after the volatile identification code has been transmitted to
the electronic computer for verification and found to match a volatile identification
code generated by the electronic computer, the electronic computer may transmit a
message to the specific electronic communications device requesting that the person
confirms that the identification is correct. Only when the person responds
affirmatively to the message by transmitting a confirmatory message from the
specific electronic communications device to the electronic computer is the
identification process finally completed.

In some embodiments of the present invention, it is not necessary for a person
operating the specific electronic communications device to view the pseudo-random
string and to apply the mask code manually thereto. Instead, a computer program
may be provided in a memory of the specific electronic communications device
which allows the person to enter his or her mask code when prompted, and which
then applies the mask code automatically to the pseudo-random string, returning the
appropriate volatile identification code for input into the specific electronic
communications device or the at least one electronic communications device.

In a further development, at least one position in the pseudo-random string may be
chosen to contain a character representative of a predetermined parameter or
condition. Advantageously, the position of the character and its representational
meaning are known only to the electronic computer and the person operating the
specific electronic communications device. For example, where the electronic
computer is operated by a bank and the permanent identification code is the person's
bank account number, then one of the positions in the pseudo-random string, say the
seventh, may be chosen to be representative of a balance of the person's bank
account, with 0 for example indicating zero funds and 9 indicating a balance of over
£1000, with figures 1 to 8 being representative of balances therebetween on a linear
scale. Alternatively, for greater security, the at least one position in the pseudo-random
string may be chosen to contain a flag character, with say any one of the
digits 1 to 5 indicating a balance below £500 and any one of the digits 6 to 9
indicating a balance above £500. It will be apparent that many other representational
schemas may be applied so as to convey information in the pseudo-random string.
Because the position and meaning of the at least one representative character in the
pseudo-random string is preferably selectable by the person rather than following a
set format which may become known to unauthorised third parties, it remains
difficult to extract meaningful information should the pseudo-random string be
intercepted during transmission. Furthermore, the person may be required to identify
the position and/or meaning of the at least one representative character after receiving
the pseudo-random string, thereby providing an additional layer of security in the
identification process.

It will be apparent that in the embodiment described hereinabove, the pseudo-random
string must be at least ten characters long, since a mask code made up of the numbers
0 to 9 requires at least ten positions along the pseudo-random string to be functional.
However, a person of ordinary skill will appreciate that different mask codes and
string lengths may be used as required by selecting appropriate coding schemas. It is
to be emphasised that the pseudo-random string issued by the electronic computer in
response to an identification request from the at least one electronic communications
device will be different for each request, and that it will therefore be extremely
difficult to determine a given mask code given a series of potentially interceptable
pseudo-random strings and volatile identification codes. Indeed, in embodiments
where the specific electronic communications device is a separate device from the at
least one electronic communications device, for example a mobile telephone and an
EFTPOS terminal respectively, then the pseudo-random string and the volatile
identification code are never transmitted along the same route, for example a given
temporary telephone connection. In embodiments where the specific electronic
communications device is the same device as the at least one electronic
communications device, for example a remote computer terminal adapted for secure
connection to the electronic computer, then the pseudo-random string may be
transmitted along the same route, but not together at the same time. In the latter
embodiment, an initial request to log on to the electronic computer may only be
considered if it emanates by way of a direct modem link from a predetermined
telephone number associated with the person, the pseudo-random string is then
transmitted back along the modem link to the remote terminal and the volatile
identification code transmitted to the electronic computer by way of the same direct
modem connection.

In a particularly preferred embodiment, the electronic computer is operated by a debit
or credit card issuer, the specific electronic communications device is a mobile
telephone, the at least one electronic communications device is an EFTPOS terminal
operated by a retailer, the permanent identification code is a person's debit or credit
card account number, the mask code is a four digit number as described above, the
identification code enabling electronic communication between the electronic
computer and the specific electronic communications device is a telephone number
of the mobile telephone. It is to be understood that the debit or credit card issuer may
be a bank which issues standard debit cards enabling purchases to be made against
funds in the person's current account or standard credit cards enabling purchases to
be made against a credit account, or may alternatively be a specialist service provider
issuing dedicated debit cards to subscribers, where the subscribers must arrange for
funds to be transferred to the service provider as required so as to keep at least a
minimum positive balance associated with their dedicated debit card accounts.

When a person first applies for an account from the card issuer, he or she is issued
with an account number and a card which bears the account number and name of the
account holder in the usual way, for example by way of embossing the card with
human-readable indicia and by way of providing machine-readable data on a
magnetic strip on a reverse portion of the card. The person must supply the usual
details, such as name and home address, to the card issuer, together with his or her
mobile telephone number. It is also necessary for the mask code to be issued by the
card issuer or to be agreed between the card issuer and the person. The mask code is
preferably issued separately from the card, for example by way of separate postal
deliveries, and is never transmitted together with the account number and/or
telephone number. When the person wishes to make a purchase using the debit or
credit card, he or she presents the card to a retailer. The retailer then swipes the card
through the EFTPOS terminal, which then contacts a main computer operated by the
card issuer. The card/account number is transmitted to the main computer by way of
a modem link, together with transaction details including the price of the purchase
being made. The main computer then correlates the card/account number with the
person's mobile telephone number and, if there are sufficient funds in the account to
cover the intended purchase, generates a pseudo-random string which is transmitted
to the mobile telephone by way, for example, of an SMS message over a cellular
telecommunications link. The person applies the mask code to the pseudo-random
string as hereinbefore described, and then gives the volatile identification code thus
generated to the retailer. The retailer, in turn, enters the volatile identification code
into the EFTPOS terminal, which then transmits this data back to the main computer
where it is correlated with the person's account details and compared with a volatile
identification code temporarily stored in the main computer and generated therein by
applying the mask code to the pseudo-random string independently of the person. If
the volatile identification codes match, the main computer transmits a confirmation
message to the EFTPOS terminal authorising the transaction, and the necessary funds
to cover the purchase are then transferred automatically to the retailer and debited
from the person's card account.

In the event that there are insufficient funds in the person's account to cover the cost
of the purchase, the main computer may issue a signal to the EFT terminal that the
transaction is not authorised, and may issue a message to the mobile telephone
advising the person to add funds to the account. In the event that the volatile
identification codes are found not to match, then the main computer may issue a
signal to the EFTPOS terminal so as to inform the retailer, who may then ask the
person to check that the correct volatile identification code has been generated and to
provide the correct code for transmission to the main computer. If the person gives
the wrong volatile code more than a predetermined number of times, for example
three times, then the main computer may suspend that person's account temporarily
for reasons of suspicion of fraudulent use. The authentic card holder must then apply
to the card issuer, together with suitable verification of his or her identity, before the
account is reactivated and/or a new account and card is issued.
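
The mask-code check described earlier and the retry and suspension rule in the paragraph above, as an added Python example that is not part of the patent text. It assumes that mask digit 0 selects the tenth position, that a mismatched code may be retried against the same string, and that a correct code resets the wrong-code count; the account number, telephone number and the names `apply_mask` and `HostComputer` are constructed for illustration.

```python
import hmac
import secrets
import string

MAX_WRONG_CODES = 3      # "for example three times" in the description
MIN_CHALLENGE_LEN = 10   # digits 0 to 9 need at least ten positions


def apply_mask(mask_code, challenge):
    """Pick one character of the string per mask digit, counting from the left.

    Assumption: digit 0 selects the tenth position. The description only
    says that digits 0 to 9 need at least ten positions.
    """
    if not (mask_code.isascii() and mask_code.isdigit()):
        raise ValueError("mask code must be a string of digits 0-9")
    if len(challenge) < MIN_CHALLENGE_LEN:
        raise ValueError("pseudo-random string must have at least ten characters")
    return "".join(challenge[(int(d) or 10) - 1] for d in mask_code)


class HostComputer:
    """Card issuer's side: stores mask codes, issues strings, checks codes."""

    def __init__(self):
        self._accounts = {}

    def register(self, account, mask_code, phone):
        apply_mask(mask_code, "0" * MIN_CHALLENGE_LEN)  # validates the mask code
        self._accounts[account] = {
            "mask": mask_code, "phone": phone,
            "pending": None, "wrong": 0, "suspended": False,
        }

    def request_identification(self, account):
        """Return (phone, string): what goes to the mobile telephone, e.g. by SMS."""
        acct = self._accounts[account]
        if acct["suspended"]:
            raise PermissionError("account suspended")
        # A different string for every request, drawn from the OS CSPRNG.
        challenge = "".join(
            secrets.choice(string.digits) for _ in range(MIN_CHALLENGE_LEN)
        )
        acct["pending"] = challenge
        return acct["phone"], challenge

    def verify(self, account, volatile_code):
        """Compare the submitted code with the one computed from the stored mask."""
        acct = self._accounts[account]
        if acct["suspended"]:
            return "suspended"
        if acct["pending"] is None:
            return "no-pending-request"   # a code cannot be replayed later
        expected = apply_mask(acct["mask"], acct["pending"])
        # Constant-time comparison so response timing does not leak a prefix.
        if hmac.compare_digest(expected.encode(), volatile_code.encode()):
            acct["pending"] = None
            acct["wrong"] = 0             # assumption: success resets the count
            return "authorised"
        acct["wrong"] += 1
        if acct["wrong"] > MAX_WRONG_CODES:
            acct["suspended"] = True
            acct["pending"] = None
            return "suspended"
        return "mismatch"                 # the same string stays valid for a retry


def demo():
    """One successful identification with constructed account data."""
    host = HostComputer()
    account = "4000000000000002"          # constructed 16-digit account number
    host.register(account, "3928", "+440000000000")
    _phone, challenge = host.request_identification(account)
    code = apply_mask("3928", challenge)  # done by the user, mask never sent
    return host.verify(account, code)


if __name__ == "__main__":
    print(apply_mask("3928", "7361940285"))
    print(demo())
```
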

In some embodiments, the person may communicate with the central computer
directly by way of his or her mobile telephone. This is possible because
transmissions from a mobile telephone include details of the telephone
number of the mobile telephone, and because the main computer is able to correlate
mobile telephone numbers with card accounts. One useful feature that may be
provided is an emergency account lock that may be activated in the event that the
credit or debit card or even the mobile telephone is stolen. Such a lock may be
activated by transmitting a predetermined lock code, for example 9999, to the main
computer. Alternatively or in addition, a lock code may be issued in mask code
format, which is useful in the event that a person is robbed and threatened with
violence so as to hand over his or her card and mobile telephone, together with his or
her mask code.

A further useful security feature may be provided wherein, after the volatile
identification code has been transmitted to the electronic computer for verification
and found to match a volatile identification code generated by the electronic
computer, the electronic computer may transmit a message to the mobile telephone
requesting that the person confirms that the transaction is authorised. The message
may be sent in SMS or voicemail format, and may include details of the transaction.
Only when the person responds affirmatively to the message by transmitting a
confirmatory message from the mobile telephone to the electronic computer is the
transaction finally authorised.

The credit or debit card of this embodiment of the present invention may also be used
to make secure purchases over the Internet. In this scenario, the at least one
electronic communications device may be a computer server operated by an Internet
retailer. When a person wishes to make a secure purchase, he or she submits the
account number to the server, by way of e-mail or through the retailer's website, and
the server then transmits the account details and purchase details to the main
computer operated by the card issuer as before. An SMS message containing the
pseudo-random string is then transmitted to the person's mobile telephone, and the
person then causes a volatile identification code to be generated and then submitted
to the retailer's server from where it is transmitted to the main computer for
verification before the transaction is authorised and funds released.

A person may have more than one account with the card issuer, and may accordingly
select or be assigned more than one mask code, one for each account. Alternatively
or in addition, more than one mask code may be assigned to each account, and the
main computer may indicate by way of one or more characters in the pseudo-random
string that it is expecting the person to apply a particular mask code, selected from a
plurality of prearranged mask codes, to the pseudo-random string, thus providing an
additional level of security.

It is to be appreciated that the present invention is not limited to credit or debit card
transactions, but provides a secure method and system of identification in a wide
variety of situations. For example, access to a building or vehicle may be controlled
by providing a central computer holding details of all people authorised to enter the
building or vehicle, and a swipe card bearing a unique identification number or code
in magnetically-coded format may be issued to each person authorised to enter the
building or vehicle. At entrances to the building or vehicle, electronic locks linked to
card scanners and electronic keypads may be provided, the card scanners and keypads
allowing communication with the central computer. When an authorised person
wishes to enter the building or vehicle, he or she swipes the swipe card through the
card scanner, which then transmits the unique identification number or code to the
central computer. The central computer correlates the unique identification number
or code with personal details of the person, including a predetermined mask code,
and then transmits a pseudo-random string to the keypad for display on a display
provided thereon. The person must then apply his or her mask code to the pseudo-random
string and enter the volatile identification code thus generated into the
keypad, which then transmits the volatile identification code to the central computer
for comparison with a volatile identification code generated in the central computer
as hereinbefore described. If the volatile identification codes match, then the central
computer issues a signal to unlock the electronic lock. Such a system provides a
significant advantage over existing electronic locks operated by keying in a
predetermined code, because each time a person enters the building or vehicle, he or
she will have to enter a different volatile identification code. This means that a
potential thief or the like will not be able to gain access to the building or vehicle
merely by observing an authorised person keying in an entry code and subsequently
entering the same entry code.

Furthermore, it is not necessary to provide a swipe card to each person authorised to
enter the building or vehicle. Instead, each person is issued with a unique and
memorable permanent identification number or code, which may be input by way of
the electronic keypad when access to the building or vehicle is required. The unique
permanent identification number or code is then correlated in the central computer
with the appropriate mask code and a pseudo-random string transmitted to the
electronic keypad for display on a display thereof as before.

It will be appreciated that in the above embodiments, the electronic keypad and
optional card scanner form the at least one electronic communications device as well
as the specific electronic communications device. For added security, albeit
involving additional inconvenience, persons authorised to enter the building or
vehicle may be provided with mobile telephones as specific electronic
communications devices, with the pseudo-random string being transmitted to the
mobile telephone rather than to a display on the electronic keypad.

Alternative uses for the system and method of the present invention include any
situation where secure identification of a person in an electronic communications
environment is required. For example, the system and method may be employed for
secure remote log-in to a computer and secure telecommunications in general (e.g.
business-to-business e-commerce transactions, air traffic control communications
etc.). The system and method may also be implemented in the context of a vehicle
immobiliser and/or alarm, whereby an authorised user of the vehicle is requested to
apply a mask code to a pseudo-random string so as to deactivate the immobiliser or
alarm.

A further use for the present invention is as a secure ticketing system. A supplier of 
travel tickets, concert tickets, cinema and theatre tickets and tickets for sporting 
events, among others, may issue a "virtual" ticket in the form of a permanent 
customer identification code and a pseudo-random string transmitted from a host 
computer to a specific electronic communications device. Upon arrival at a venue or 
upon request by a ticket inspector, a person to whom the "virtual" ticket has been 
issued may be required to apply his or her mask code to the pseudo-random string 
and to provide the virtual identification code generated thereby, together with the 
permanent customer identification code, to the ticket inspector. The ticket inspector 
may be provided with an electronic communications device by way of which this 
information may be transmitted back to the host computer for verification, and to 
which a verification signal may be sent by the host computer in the event that the 
person is positively identified as an authorised ticket holder. 


Yet another use for the present invention is in a parcel or postal depot, such as a post 
office, or a catalogue store or a warehouse or the like, where people visit to pick up 
parcels, post or other articles and it is necessary positively to identify a person before 
handing over the parcels, post or other articles. A person picking up an article will 
have been issued with a pseudo-random string and, upon collection, is asked to 
supply a volatile identification code generated by the application of his or her mask 
code to the pseudo-random string. 

For a better understanding of the present invention and to show how it may be carried 
into effect, reference shall now be made, by way of example, to the accompanying 
drawing in which: 

FIGURE 1 is a schematic diagram showing a preferred embodiment of the present 
invention. 


Figure 1 shows a host computer 1 operated by a credit/debit card issuer, a user 2 
having a mobile telephone 3, and an EFTPOS terminal 4. The user 2 is issued with a 
card (not shown) having a unique 16-digit account number embossed and 
magnetically encoded thereon, this 16-digit account number being correlated in the 
host computer 1 with account details relating to the user as well as a 4-digit mask 
code selected by or assigned to the user 2 upon initial registration with the 
credit/debit card issuer and a unique telephone number of the mobile telephone 3. 
The 16-digit account number is chosen for compatibility with existing credit/debit 
card protocols, and the 4-digit mask code for compatibility with existing PIN 
protocols. When the user 2 wishes to make a purchase from a retailer (not shown) 
operating the EFTPOS terminal 4, he or she presents the card, which is then scanned 
by the EFTPOS terminal 4. Details regarding a purchase are also entered into the 
EFTPOS terminal 4 by the retailer, and these are transmitted, together with the 
account number, to the host computer 1 by way of a modem link 5. The host 
computer 1 then correlates the account number with details of the user 2, including 
the telephone number of the mobile telephone 3, and generates a 13-digit pseudo- 
random string which is transmitted to the mobile telephone 3 by way of an SMS or 
voicemail protocol 6. The first three digits of the pseudo-random string are not 
random and are reserved to indicate to the user that a received SMS message is from 
the host computer. For example, the first three digits may be "T1:" or "T2:" or the 
like, so as to indicate that the host computer 1 is expecting the user 2 to apply a first 
or a second mask code to the pseudo-random string. The next 10 digits of the 
pseudo-random string provide sufficient redundancy for any 4-digit mask code to 
operate thereupon in the manner hereinbefore described. By choosing a string length 
of 13 digits for the pseudo-random string, compatibility with existing mobile 
telephone displays and EAN13 (European Article Number) barcode protocols is 
ensured. 

Upon reception of the pseudo-random string by the mobile telephone 3, the user 2 
must apply the mask code thereto as hereinbefore described so as to generate a 
volatile identification code, which is then passed 8 to the retailer and entered into the 
EFTPOS terminal 4 for transmission to the host computer 1. Alternatively, the 
volatile identification code may be returned by the user 2 to the host computer 1 by 
way of the mobile telephone 3. 

When the host computer 1 receives the volatile identification code, it compares this 
with a volatile identification code generated within the host computer 1 by applying 
the mask code to the pseudo-random string and, if the volatile identification codes 
are found to match, issues a signal to the EFTPOS terminal 4 so as to authorise the 
purchase and to transfer necessary funds to the retailer. Optionally, before 
authorising the transfer of funds, the host computer 1 may send a message to the 
mobile telephone 3, for example in SMS or voicemail format 6, preferably including 
details of the transaction, and requesting that the user 2 return a signal 7 so as finally 
to confirm the transaction. This may provide added peace-of-mind for unusually 
large transactions and may alert a user 2 in the event that fraudulent use is being 
made of his or her card. 
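
The Figure 1 exchange with the selection rule of claim 8, as an added Python sketch that is not part of the patent text. The reading of mask digit 0 as the tenth position, the single-use handling of each string and the `Host` class are assumptions made for the illustration.

```python
import hmac
import secrets

PREFIX_LEN = 3  # "T1:"-style marker; these three characters are not random


def new_challenge(mask_index=1):
    """Host side: 3-character marker plus 10 random digits, 13 in total."""
    digits = "".join(secrets.choice("0123456789") for _ in range(10))
    return f"T{mask_index}:{digits}"


def apply_mask(challenge, mask):
    """Pick one character of the random part per mask digit, in mask order.

    Assumption: mask digit d selects the d-th random digit, with 0 read as
    the tenth; the page does not show how 0 is mapped.
    """
    body = challenge[PREFIX_LEN:]
    if len(body) != 10 or not (body.isascii() and body.isdigit()):
        raise ValueError("expected 10 random digits after the marker")
    if len(mask) != 4 or not (mask.isascii() and mask.isdigit()):
        raise ValueError("mask code must be 4 digits")
    return "".join(body[(int(d) - 1) % 10] for d in mask)


class Host:
    """Hypothetical stand-in for host computer 1."""

    def __init__(self):
        self.masks = {}    # account number -> mask code (never transmitted)
        self.pending = {}  # account number -> string awaiting a reply

    def register(self, account, mask):
        self.masks[account] = mask

    def start(self, account):
        """Issue a fresh string; in Figure 1 it goes to the phone by SMS."""
        self.pending[account] = new_challenge()
        return self.pending[account]

    def verify(self, account, code):
        """Compare the returned code with the host's own; one try per string."""
        challenge = self.pending.pop(account, None)  # assumption: single use
        if challenge is None or account not in self.masks:
            return False
        expected = apply_mask(challenge, self.masks[account])
        return hmac.compare_digest(expected.encode(), code.encode())
```

Because `verify` discards the outstanding string on every attempt, a code that was accepted once is rejected if it is presented again.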

CLAIMS: 

1. A coded identification system, the system comprising an electronic computer, 
a specific electronic communications device that is operable to be in communication 
with the electronic computer, and at least one electronic communications device that 
is operable to be in communication with the electronic computer, wherein the electronic 
computer includes data relating to the specific electronic communications device, 
including a permanent identification code, a mask code and an identification code 
enabling electronic communication between the electronic computer and the specific 
electronic communications device, and wherein the permanent identification code is 
input to the at least one electronic communications device and transmitted to the 
electronic computer, the electronic computer generates a pseudo-random string and 
transmits this to the specific electronic communications device, the mask code is 
applied to the pseudo-random string so as to generate a volatile identification code in 
accordance with predetermined rules, the volatile identification code is transmitted 
back to the electronic computer by the specific electronic communications device or 
the at least one electronic communications device, the electronic computer checks the 
volatile identification code transmitted thereto against a volatile identification code 
obtained by applying the mask code to the pseudo-random string in accordance with 
the predetermined rules, and in which a positive identification is made when the 
volatile identification codes are found to match by the electronic computer. 

2. A system as claimed in claim 1, wherein the specific electronic 
communications device and the at least one electronic communications device are the 
same device. 

3. A system as claimed in claim 1, wherein the specific electronic 
communications device and the at least one electronic communications device are 
separate devices. 

4. A system as claimed in any preceding claim, wherein the specific 
communications device is a mobile telephone, a pager or a personal digital assistant. 

5. A system as claimed in claim 3 or claim 4 depending from claim 3, wherein 
the at least one electronic communications device is an EFTPOS terminal or the like. 

6. A system as claimed in any preceding claim, wherein the permanent 
identification code is supplied in the form of a card bearing human- and/or machine- 
readable indicia. 



7. A method for identifying a specific electronic communications device or user 
thereof to an electronic computer having stored therein data relating to the specific 
electronic communications device or user thereof, including a permanent 
identification code, a mask code and an identification code enabling communication 
between the electronic computer and the specific electronic communications device, 
wherein the permanent identification code is input to at least one electronic 
communications device and transmitted thereby to the electronic computer, the 
electronic computer associates the permanent identification code with the 
identification code enabling communication therebetween and the specific electronic 
communications device and generates a pseudo-random string before transmitting 
this to the specific electronic communications device, the mask code is applied to the 
pseudo-random string in accordance with predetermined rules so as to generate a 
volatile identification code, the volatile identification code is input to the specific 
electronic communications device or the at least one electronic communications 
device and transmitted to the electronic computer where it is compared with a 
volatile identification code generated therein by applying the mask code to the 
pseudo-random string, and a positive identification is made when the volatile 
identification codes match. 






8. A method according to claim 7, wherein the pseudo-random string comprises 
a first linear array of characters, each character having a given numerical position in 
the first array (first, second, third etc.), and wherein the mask code comprises a 
second linear array of numbers, each number having a given numerical position in 
the second array (first, second, third etc.), the predetermined rules for applying the 
mask code to the pseudo-random string so as to generate the volatile identification 
code being sequentially to select numerical positions in the first array on the basis of 
the numbers in the second array, taken in positional order, and to return the 
characters thereby selected from the first array in sequence so as to form a third linear 
array, this third linear array forming the volatile identification code. 

9. A method according to claim 7 or 8, wherein the pseudo-random string 
contains at least one character that is representative of some condition of the data 
relating to the person. 

10. A method according to any one of claims 7 to 9, wherein the specific 
electronic communications device and the at least one electronic communications 
device are the same device. 

11. A method according to any one of claims 7 to 9, wherein the specific 
electronic communications device and the at least one electronic communications 
device are separate devices. 

12. A method according to claim 10 or 11, wherein the specific communications 
device is a mobile telephone, a pager or a personal digital assistant. 

13. A method according to claim 11 or claim 12 depending from claim 
wherein the at least one electronic communications device is an EFTPOS terminal or 
the like. 



14. A coded identification system substantially as hereinbefore described. 


15. A method for identifying a specific electronic communications device or user 
thereof substantially as hereinbefore described. 

ABSTRACT 



EMBEDDED SYNCHRONOUS RANDOM DISPOSABLE CODE 
IDENTIFICATION METHOD AND SYSTEM 


A method and system for secure identification of a person in an electronic 
communications environment, wherein a host computer is adapted to be able to 
communicate with a specific electronic communications device operated by the 
person. The person is issued with a mask code, known only to the person and stored 
in the host computer, but never transmitted electronically therebetween. When the 
person is required to identify him- or herself to the host computer, the host computer 
transmits a pseudo-random string to the specific electronic communications device, 
whereupon the mask code must be applied to the pseudo-random string according to 
predetermined rules so as to generate a volatile identification code which is then 
transmitted back to the host computer. Positive identification is achieved when the 
volatile identification code matches a volatile identification code generated within 
the host computer by applying the mask code stored therein to the pseudo-random 
string. In this way, a person's mask code is never transmitted electronically and is 
therefore relatively safe from interception, and the volatile identification code will be 
different for each different pseudo-random string, thus making a fraudulently 
intercepted communication meaningless. 



Figure 1 
